Chapter 3

Transport Level Security-SSH

After studying this chapter
students should be able to present:
Course Learning Web security considerations:
Outcome: threats,countermeasures
o Present techniques and ✔ Secure Shell (SSH) Overview
protocols for ✔ SSH-2 Protocol Stack
transport-level ✔ SSH-2 Security
security. ✔ Port forwarding with SSH
✔ SSH applications

1/23
TELNET Overview
 Secure Shell (SSH) Overview
❏ A protocol for secure network communications designed to
be relatively simple and inexpensive to implement
● initial version, SSH1 was focused on providing a secure remote
logon facility to replace TELNET and other remote logon
schemes that provided no security
● also provides a more general client/server capability and can be
used for network functions such as file transfer, e-mail
❏ SSH2 fixes a number of security flaws in SSH1 and is
documented as proposed standard in IETF RFCs 4250
through 4256
❏ SSH client and server applications are widely available for
most operating systems
● become method of choice for remote login and X tunneling

● rapidly becoming one of the most pervasive applications

for encryption technology outside of embedded systems

3/23
 SSH-2 Security Goals
❏ Server always authenticated in transport layer protocol.
❏ Client always authenticated in authentication protocol.
● By public key (DSS, RSA, SPKI, OpenPGP).
● Or simple password for particular application over secure
channel.
❏ Establishment of a fresh, shared secret.
● Shared secret used to derive further keys, similar to
SSL/IPSec.
● For confidentiality and authentication in SSH transport layer
protocol.
❏ Secure ciphersuite negotiation.
● Encryption, MAC, and compression algorithms.
● Server authentication and key exchange methods.

4/23
 SSH-2 Protocol Stack
SSH is
organized as 3
protocols run on
top of TCP

5/23
 SSH Transport Layer Protocol-
HOST KEYS
❏ Server authentication occurs at the transport layer, based
on the server possessing a public/private key pair
❏ A server may have multiple host keys using multiple
different asymmetric encryption algorithms
❏ Multiple hosts may share the same host key
❏ The server host key is used during key exchange to
authenticate the identity of the host
● client must have a prior knowledge of server’s public host key.
❏ RFC 4251 dictates two alternative trust models:
❏ 1. The client has a local database that associates each host
name with the corresponding public host key
This method requires no centrally administered infrastructure and no third-party coordination. The downside
is that the database of name-to-key associations may become burdensome to maintain.
❏ 2. The host name-to-key association is certified by a trusted
certification authority (CA); the client only knows the CA root
key and can verify the validity of all host keys certified by
accepted CAs This alternative eases the maintenance problem, since ideally, only a single CA key
needs to be securely stored on the client. On the other hand, each host key must be
appropriately certified by a central authority before authorization is possible. 6/23
 SSH Transport Layer Protocol-Packet Exchanges 1/2
Client establishes a TCP connection to the
server.
This is done via the TCP protocol and is not part of the Transport Layer Protocol. Once the
connection is established, the client and server exchange data, referred to as packets, in the
data field of a TCP segment.

First step, identification string exchange ,

begins with the client sending a packet
with an identification string of the form:
SSH-protoversion-softwareversion
The server responds with its own
identification string. These strings are
used in the Diffie–Hellman key exchange.

Next comes algorithm negotiation . Each

side sends an SSH_MSG_KEXINIT
containing lists of supported algorithms
in the order of preference to the
sender. There is one list for each type
of cryptographic algorithm. The
algorithms include key exchange,
encryption, MAC algorithm, and
compression algorithm.

7/23
 SSH Transport Layer Protocol-Packet Exchanges 2/2
The next step is key exchange . The
specification allows for alternative
methods of key exchange, but at present,
only two versions of Diffie–Hellman key
exchange are specified.
As a result of these steps, the two sides
share a master key K .

The end of key exchange is signaled by

the exchange of SSH_MSG_NEWKEYS
packets. At this point, both sides may
start using the keys generated from
master key K.

The final step is service request. The client

sends an SSH_MSG_SERVICE_REQUEST
packet to request either the User
Authentication or the Connection Protocol.
Subsequent to this, all data is exchanged
as payload of SSH Transport Layer
packet, protected by encryption and MAC.

Thus Client and server exchange data,

referred to as packets, in the data field of
a TCP segment. 8/23
 SSH Transport Layer Protocol-Packet Formation
Packet length: Length of the
packet in bytes.notfields
including the packet length and MAC

Padding length: Length of the

random padding field.
Payload: Useful contents of the
packet. If compression is
negotiated, it is compressed.
Random padding: Once
encryption algorithm has been
negotiated, random bytes added
so that the total length of the
packet is a multiple of the
cipher block size, or 8 bytes
for a stream cipher.
Message authentication code
(MAC): If message
authentication has been
negotiated, this field contains
the MAC value.
The MAC value is computed over the entire packet plus a sequence number, excluding the
MAC field. The sequence number is an implicit 32-bit packet sequence that is initialized to
zero for the first packet and incremented for every packet. The sequence number is not
included in the packet sent over the TCP connection.

Once encryption algorithm has

been negotiated, the entire
packet (excluding MAC field) is
encrypted after MAC value is
9/23
calculated.
 the allowable
options for
encryption,
MAC, and
compression.
For each
category, the
algorithm
chosen is the
first algorithm
on the client’s
list that is also
supported by
the server.

* = Required
** = Recommended

SSH Transport Layer

Cryptographic Algorithms
10/23
 Authentication Methods
❏ The server may require one or more of the following authentication methods
❏ PublickeyThe details of this method depend on the public-key algorithm chosen
❏ The client sends a message to the server that contains the client’s
public key, with the message signed by the client’s private key
❏ When the server receives this message, it checks whether the
supplied key is acceptable for authentication and, if so, it checks
whether the signature is correct
❏ Password
❏ The client sends a message containing a plaintext password, which
is protected by encryption by the Transport Layer Protocol
❏ Hostbased
❏ Authentication is performed on the client’s host rather than the
client itself, i.e. a host that supports multiple clients would provide
authentication for all its clients.
❏ This method works by having the client send a signature created
with the private key of the client host
❏ Rather than directly verifying the user’s identity, the SSH server
verifies the identity of the client host
11/23
 SSH Connection Protocol
❏ The SSH Connection Protocol runs on top of the SSH
Transport Layer Protocol and assumes that a secure
authentication connection is in use
❏ The secure authentication connection, referred to as a
tunnel, is used by the Connection Protocol to multiplex a
number of logical channels

❏ Channel mechanism
❏ All types of communication using SSH are supported using
separate channels
❏ Either side may open a channel
❏ For each channel, each side associates a unique channel
number which need not be the same on both ends.
❏ Channels are flow controlled using a window mechanism
❏ No data may be sent to a channel until a message is
received to indicate that window space is available
❏ The life of a channel progresses through three stages:
opening a channel, data transfer, and closing a channel
12/23
 Example SSH Connection Protocol Message Exchange
When either side wishes to open a new channel,
it allocates a local number for the channel and
then sends a message of the form:
SSH_MSG_CHANNEL_OPEN
If the remote side is able to open the channel, it
returns a message,
SSH_MSG_CHANNEL_OPEN_CONFIRMATION
which includes the sender channel number, the
recipient channel number, and window and packet
size values for incoming traffic.
Otherwise, the remote side returns a
SSH_MSG_CHANNEL_OPEN_FAILURE message
with a reason code indicating the reason for
failure.
Once a channel is open, data transfer is
performed using a SSH_MSG_CHANNEL_DATA
message, which includes the recipient channel
number and a block of data. These messages, in
both directions, may continue as long as the
channel is open.
When either side wishes to close a channel, it
sends a SSH_MSG_CHANNEL_CLOSE message,
which includes the recipient channel number.

13/23
 Channel Types
❏ Four channel types are recognized in the SSH Connection
Protocol specification
Session
○The remote execution of a program
○The program may be a shell, an application such as file transfer or e-mail, a system
command, or some built-in subsystem
○Once a session channel is opened, subsequent requests are used to start the remote
program

X11
○Refers to the X Window System, a computer software system and network protocol
that provides a graphical user interface (GUI) for networked computers
○X allows applications to run on a network server but to be displayed on a desktop
machine

Forwarded-tcpip
•Remote port forwarding

Direct-tcpip
•Local port forwarding
14/23
 Port Forwarding

❏ One of the most useful features of SSH

❏ Provides the ability to convert any insecure TCP connection

into a secure SSH connection (also referred to as SSH
tunneling)

❏ Incoming TCP traffic is delivered to the appropriate

application on the basis of the port number (a port is an
identifier of a user of TCP)

❏ An application may employ multiple port numbers

❏ e.g., for the Simple Mail Transfer Protocol (SMTP)

○ server side listens on port 25,
○ incoming SMTP request uses TCP and addresses the data to
destination port 25
○ TCP recognizes the SMTP server address and routes the
data to the SMTP server application. 15/23
 Basic Concept Behind Port Forwarding
A client application is identified
by port number x and a server
application identified by port
number y.
The local TCP entity
negotiates a TCP connection
with the remote TCP entity,
such that the connection links
local port x to remote port y.

To secure this connection, SSH

is configured so that the SSH
Transport Layer Protocol
establishes a TCP connection
between the SSH client and
server entities, with TCP port
numbers a and b.
A secure SSH tunnel is
established over this TCP
connection.
Traffic from the client at port x
is redirected to the local SSH
entity and travels through the
tunnel where the remote SSH
entity delivers the data to the
server application on port y.
Traffic in the other direction
is similarly redirected. 16/23
 Without SSH or Port Forwarding

LS Login
server

UM User’s MI Mail in
machine server

Src: UM Dest: LS Port: 23 MO Mail out

Src: UM Dest: MI Port: 113 server

Src: UM Dest: MO Port: 25

17/23
 SSH Port Forwarding Mechanism
❏ Recall: TCP port number ‘identifies’ application.
❏ SSH on local machine:
● Intercepts traffic bound for server.
● Translates standard TCP port numbers.
● e.g. port 113 ----> port 5113.
● Sends packets to SSH-enabled server through SSH secure
channel.
❏ SSH-enabled server:
● Receives traffic.
● Re-translates port numbers.
● e.g. port 5113 ----> port 113.
● Forwards traffic to appropriate server using internal
network.

18/23
 With SSH and Port Forwarding
MI Mail in
server

UM User’s LS
machine SSH-enabled
MO Mail out
login
server
Src: UM Dest: LS Port: 23 server

Src: UM Dest: MI Port: 113 Src: UM Dest: MO Port: 25

Src: UM Dest: LS Port: 5113 Src: UM Dest: LS Port: 5025
Src: LS Dest: MI Port: 113 Src: LS Dest: MO Port: 25

19/23
 Example of SSH Local Forwarding
❒ Suppose you have an email client on desktop and use it
to get email from mail server via POP3 port 110. We
can secure this traffic in the following way:
❒ 1. SSH client sets up a connection to the remote server.
❒ 2. Select an unused local port number, say 9999, and
configure SSH to accept traffic from this port destined for
port 110 on the server.
❒ 3. SSH client informs the SSH server to create a connection
to the destination, in this case mail server port 110.
❒ 4. Client takes any bits sent to local port 9999 and sends
them to the server inside the encrypted SSH session. SSH
server decrypts the incoming bits and sends the plaintext to
port 110.
❒ 5. In other direction, the SSH server takes any bits received
on port 110 and sends them inside the SSH session back to
the client, who decrypts and sends them to the process
connected to port 9999.

20/23
 Example of SSH Remote Forwarding
❒ To access a server at work from home computer behind a
firewall, you can set up an SSH tunnel using remote
forwarding as follows:
❒ 1. From work computer, set up an SSH connection to home
computer. The firewall will allow this, because it is a
protected outgoing connection.
❒ 2. Configure the SSH server to listen on a local port, say 22,
and to deliver data across the SSH connection addressed to
remote port, say 2222.
❒ 3. At home computer, configure SSH to accept traffic on
port 2222.
❒ 4. You now have an SSH tunnel that can be used for remote
logon to the work server.

21/23
 SSH Applications
❒ Anonymous ftp for software updates, patches…
−No client authentication needed, but clients want to be sure
of origin and integrity of software.
❒ Secure ftp.
− e.g. upload of webpages to webserver using sftp.
− Server now needs to authenticate clients.
−Username and password may be sufficient, transmitted over
secure SSH transport layer protocol.
❒ Secure remote administration.
− SysAdmin (client) sets up terminal on remote machine.
− SysAdmin password protected by SSH transport layer
protocol.
−SysAdmin commands protected by SSH connection protocol.
❒ Guerilla Virtual Private Network.
− e.g. use SSH + port forwarding to secure e-mail
communications.

22/23
 Summary

● Secure Shell (SSH) ● SSH Port Forwarding

Overview ● Forwarding mechanism
● SSH-2 Protocol Stack ● Local forwarding
● SSH-2 Security ● Remote forwarding
● Transport layer protocol ● SSH applications
● User authentication
protocol
● Connection protocol

23/23